Commit graph

319 commits

Author SHA1 Message Date
Elliott Hughes
1291e50173 Remove bionic's now-unused UniquePtr.
Change-Id: Id77dbdd6d4255ae8317449725ef093be9422407f
2016-07-22 19:52:46 -07:00
Treehugger Robot
4f62c5b311 Merge changes I7718b1ba,I648adc35
* changes:
  Only initialize the global stack protector once.
  Make getpid work before TLS has been initialized.
2016-07-22 19:20:58 +00:00
Evgenii Stepanov
d13e9a603f Align-up and randomize shared libraries.
This change implements the following property:
  Any 2**N aligned memory region on size 2**N contains no more than one DSO.

The value N can be configured, with 16 or 18 looking like a good choice.
Additionally, DSOs are loaded at random page-aligned address inside these large
regions.

This change has dual purpose:
1. Larger values of N allow a lot more compact CFI shadow implementation.
   See change I14dfea630de468eb5620e7f55f92b1397ba06217.
   For example, CFI shadow for the system_server process has the following size (RSS, KB):
   152 for N = 12, 32 for N = 16, 16 for N = 18.
2. Extra randomization is good for security.

This change does not result in extra RAM usage, because everything is still page-aligned.
It does result in a bit more VM fragmentation because of the gaps between shared libraries.
As it turns out, this fragmentation is barely noticeable because the kernel creates new mapping
at the highest possible address, and we do enough small mappings to almost completely fill the
gaps (ex. in the Zygote the gaps are filled with .ttf file mappings and thread stacks).

I've measured VM fragmentation as the sum of all VM gaps (unmapped regions) that are larger
than 1MB according to /proc/$PID/maps. On aosp_angler-userdebug, the numbers are (in GB):

                |   N = 12  |  N = 18
system_server   |   521.9   |  521.1
zygote64        |   522.1   |  521.3
zygote32        |   2.55    |  2.55
mediaserver     |   4.00    |  4.00

Change-Id: Ia6df840dd409c82837efd1f263be420d9723c84a
2016-07-19 18:18:22 -07:00
Elliott Hughes
4ce902c30e Support 32-bit ARM vdso.
Linux 4.1 added this.

Bug: http://b/19198045
Change-Id: I28be802ff403a61dd6733a001411b3ff05fef5a5
2016-07-12 13:55:51 -07:00
Elliott Hughes
53420fb21e x86-64's va_list is not a pointer type.
Change-Id: I680feeb641d5411ac481daaae6fa1580e74c5563
2016-06-30 13:47:16 -07:00
Josh Gao
b6453c52ac Only initialize the global stack protector once.
Before, dynamic executables would initialize the global stack protector
twice, once for the linker, and once for the executable. This worked
because the result was the same for both initializations, because it
used getauxval(AT_RANDOM), which won't be the case once arc4random gets
used for it.

Bug: http://b/29622562
Change-Id: I7718b1ba8ee8fac7127ab2360cb1088e510fef5c
Test: ran the stack protector tests on angler (32/64bit, static/dynamic)
2016-06-30 12:58:32 -07:00
Elliott Hughes
8ed118db61 Apparently mips and x86's va_list is a pointer type.
And clang won't let you have a function declaration where some arguments
have nullability specifiers and others don't.

Change-Id: I450b0221a3f7f068d5fe971dfbc0ba91d25710e8
2016-06-30 12:46:21 -07:00
Elliott Hughes
9eb3ae122f Remove __nonnull (in favor of _Nonnull).
It's a dangerous pain in the ass, and we're only using it in one place, and
that's a mistake too.

Change-Id: Ida1d1286aaa1343bdee95fa092fcb45ff3258f77
2016-06-30 10:37:03 -07:00
Josh Gao
c80ffece02 Defer registration of the arc4random fork-detect handler.
Previously, arc4random would register a fork-detecting pthread_atfork
handler to not have to call getpid() after a fork. pthread_atfork uses
pthread_mutex_lock, which requires the current thread to be initialized,
preventing the use of arc4random for initializing the global stack guard,
which needs to happen before the main thread has been initialized.

Extract the arc4random fork-detection flag and use the existing
arc4random fork handler to set it.

Bug: http://b/29622562
Change-Id: I98c9329fa0e489c3f78cad52747eaaf2f5226b80
2016-06-28 15:52:59 -07:00
Elliott Hughes
b0da5760dc Move the IEEE fp header out of the public headers.
Bug: http://b/28519060
Change-Id: I9f1a1a9ac1f22462bf86991b57c51824cb42eefd
2016-05-02 12:44:41 -07:00
Josh Gao
26bc9c64d5 Move <sys/_sigdefs.h> and <sys/_errdefs.h> to private.
Bug: http://b/28067717
Change-Id: I02f78ad7293a15ff45e35e9c20f60d3d023931eb
2016-04-13 17:45:39 -07:00
Elliott Hughes
5db4b6e5de Make it harder to use a broken legacy function by accident.
This function only exists for backwards compatibility, so leave it as it was.

Bug: http://b/26944282
Change-Id: I31973d1402660933103ee2d815649ab9569e4dfc
2016-04-04 16:15:37 -07:00
Mingwei Shi
be91052932 libc: implement kernel vdso syscalls for i386
This patch uses __kernel_vsyscall instead of "int 0x80"
as the syscall entry point. AT_SYSINFO points to
an adapter to mask the arch specific difference and gives a
performance boost on i386 architecture.

Change-ID: Ib340c604d02c6c25714a95793737e3cfdc3fc5d7
Signed-off-by: Mingwei Shi <mingwei.shi@intel.com>
2016-03-25 14:10:05 -07:00
Elliott Hughes
fc69a8ad5f Improve and fix the stack-protector tests.
Bug: http://b/26888853
Change-Id: I505dbf7d5934f7247fb639f55dd6a9341df3947b
2016-03-09 14:50:03 -08:00
Elliott Hughes
b83d6747fa Improve FORTIFY failure diagnostics.
Our FORTIFY _chk functions' implementations were very repetitive and verbose
but not very helpful. We'd also screwed up and put the SSIZE_MAX checks where
they would never fire unless you actually had a buffer as large as half your
address space, which probably doesn't happen very often.

Factor out the duplication and take the opportunity to actually show details
like how big the overrun buffer was, or by how much it was overrun.

Also remove the obsolete FORTIFY event logging.

Also remove the unused __libc_fatal_no_abort.

This change doesn't improve the diagnostics from the optimized assembler
implementations.

Change-Id: I176a90701395404d50975b547a00bd2c654e1252
2016-02-26 22:06:17 -08:00
Colin Cross
2c75991359 Add backtrace_string and export to libmemunreachable
Add backtrace_string to convert a malloc_debug backtrace to a string.
Also move the backtrace functions to libc_malloc_debug_backtrace so that
libmemunreachable can reuse them.

Change-Id: I5ad67001c0b4d184903c762863a8588181d4873b
2016-02-18 16:09:17 -08:00
Colin Cross
869691c6f7 Export malloc_iterate and friends
Export malloc_iterate, malloc_enable, and malloc_disable to be used by
libmemunreachable.

Change-Id: I08a50349af82a95d096b6b4cbac37ababe4b9b06
2016-02-18 15:05:38 -08:00
Yabin Cui
ca48274298 Revert "Revert "Make sem_wait able to return errno EINTR for sdk > 23.""
This reverts commit 6d51085202.
And add missing bionic_sdk_version.h.

Change-Id: I24cc738b1fd1d26234c52afbc787f5b3c4a9c9cb
2016-01-25 17:39:18 -08:00
Christopher Ferris
63860cb8fd Malloc debug rewrite.
The major components of the rewrite:

- Completely remove the qemu shared library code. Nobody was using it
  and it appears to have broken at some point.
- Adds the ability to enable/disable different options independently.
- Adds a new option that can enable the backtrace on alloc/free when
  a process gets a specific signal.
- Adds a new way to enable malloc debug. If a special property is
  set, and the process has an environment variable set, then debug
  malloc will be enabled. This allows something that might be
  a derivative of app_process to be started with an environment variable
  being enabled.
- get_malloc_leak_info() used to return one element for each pointer that
  had the exact same backtrace. The new version returns information for
  every one of the pointers with same backtrace. It turns out ddms already
  automatically coalesces these, so the old method simply hid the fact
  that there where multiple pointers with the same amount of backtrace.
- Moved all of the malloc debug specific code into the library.
  Nothing related to the malloc debug data structures remains in libc.
- Removed the calls to the debug malloc cleanup routine. Instead, I
  added an atexit call with the debug malloc cleanup routine. This gets
  around most problems related to the timing of doing the cleanup.

The new properties and environment variables:

libc.debug.malloc.options
  Set by option name (such as "backtrace"). Setting this to a bad value
  will cause a usage statement to be printed to the log.

libc.debug.malloc.program
  Same as before. If this is set, then only the program named will
  be launched with malloc debug enabled. This is not a complete match,
  but if any part of the property is in the program name, malloc debug is
  enabled.

libc.debug.malloc.env_enabled
  If set, then malloc debug is only enabled if the running process has the
  environment variable LIBC_DEBUG_MALLOC_ENABLE set.

Bug: 19145921

Change-Id: I7b0e58cc85cc6d4118173fe1f8627a391b64c0d7
2016-01-25 10:54:21 -08:00
Josh Gao
0ac0cee0d1 Remove dlmalloc.
Bug: http://b/17207577
Change-Id: Ie009badca6deb1f91b27a4340b70cdd6bedff893
2016-01-25 10:14:35 -08:00
Elliott Hughes
42d949ff9d Defend against -fstack-protector in libc startup.
Exactly which functions get a stack protector is up to the compiler, so
let's separate the code that sets up the environment stack protection
requires and explicitly build it with -fno-stack-protector.

Bug: http://b/26276517
Change-Id: I8719e23ead1f1e81715c32c1335da868f68369b5
2016-01-06 20:06:08 -08:00
Elliott Hughes
76dfa6e351 Remove mktime_tz.
Bug: http://b/15765976
Change-Id: Ifc8cd19ae621e611d66173ae927ef9a0445965c1
2016-01-06 09:15:02 -08:00
Elliott Hughes
63fbb233cb Tidy up KernelArgumentBlock::getauxval.
Correct the comment, and remove the unused functionality. getauxval(3) does
now set errno to let you know it failed to find anything, but since none of
this function's callers care anyway it seems safer to leave errno untouched
until we actually have a demonstrated need for it.

Bug: https://code.google.com/p/android/issues/detail?id=198111
Change-Id: I232a42dc5a02c8faab94c7d69bef610408276c23
2016-01-05 16:29:33 -08:00
Elliott Hughes
7cb3c4af13 Merge "sem_timedwait with a null timeout doesn't mean "forever"." 2015-12-17 01:15:15 +00:00
Christopher Ferris
0b13f29b2c Fix missing parentheses.
The BIONIC_ROUND_UP_POWER_OF_2 macro did not have parentheses around
the whole expression. This lead to the wrong value being computed when
used as part of a mathematical expression such as this:

  value = BIONIC_ROUND_UP_POWER_OF_2(value) - 1;

This only happens on 64 bit abis.

Change-Id: I6f8afbdaf16fe64a88fa0246d074b3534c9159c1
2015-12-16 16:11:04 -08:00
Elliott Hughes
dd586f2ebd sem_timedwait with a null timeout doesn't mean "forever".
It actually means "crash immediately". Well, it's an error. And callers are
much more likely to realize their mistake if we crash immediately rather
than return EINVAL. Historically, glibc has crashed and bionic -- before
the recent changes -- returned EINVAL, so this is a behavior change.

Change-Id: I0c2373a6703b20b8a97aacc1e66368a5885e8c51
2015-12-16 15:15:58 -08:00
Dimitry Ivanov
a5e183c066 Explicitly disallow default c-tor
Change-Id: Ia52995a459443159e80383d5b396c3edd90a08ae
2015-12-01 16:57:19 -08:00
Yabin Cui
74ed96d597 Merge "Use FUTEX_WAIT_BITSET to avoid converting timeouts." 2015-11-21 01:50:29 +00:00
Yabin Cui
c9a659c57b Use FUTEX_WAIT_BITSET to avoid converting timeouts.
Add unittests for pthread APIs with timeout parameter.

Bug: 17569991

Change-Id: I6b3b9b2feae03680654cd64c3112ce7644632c87
2015-11-19 13:42:03 -08:00
Yabin Cui
fe3a83a934 Implement pthread spin.
In order to run tsan unit tests, we need to support pthread spin APIs.

Bug: 18623621
Bug: 25392375
Change-Id: Icbb4a74e72e467824b3715982a01600031868e29
2015-11-18 17:51:21 -08:00
Elliott Hughes
6331e806de Implement scandirat and scandirat64.
Bug: http://b/12612339
Change-Id: Id3b249a884fe08964b26a017ae9574961f0cb441
2015-10-27 13:47:36 -07:00
Yabin Cui
d26e780df6 Use bionic lock in pthread_internal_t.
It removes calling to pthread_mutex_lock() at the beginning of new
thread, which helps to support thread sanitizer.

Change-Id: Ia3601c476de7976a9177b792bd74bb200cee0e13
2015-10-22 20:14:33 -07:00
Josh Gao
3c8fc2fea9 Move malloc dispatch table to __libc_globals.
Change-Id: Ic20b980d1e8b6c2d4b773ebe336658fd17c737cb
2015-10-12 17:54:58 -07:00
Josh Gao
fe9d0ed6cb Move setjmp cookie to a shared globals struct.
Change-Id: I59a4c187d61524c4e48655c4c6376dba0d41eee2
2015-10-09 15:59:04 -07:00
Josh Gao
93c0f5ee00 Move VDSO pointers to a shared globals struct.
Change-Id: I01cbc9cf0917dc1fac52d9205bda2c68529d12ef
2015-10-09 15:59:04 -07:00
Christopher Ferris
ad157a3c33 Merge "Add a no dwarf version of assembler macros." 2015-09-30 23:18:32 +00:00
Christopher Ferris
8f8308c974 Add a no dwarf version of assembler macros.
For the __release and __release_rt functions, the previous macros
would add a dwarf cfi entry for the function with no values. This works
with libunwind since it always tries the arm unwind information first.

This change removes those entries by creating a no dwarf version of the
assembler macro.

Change-Id: Ib93e42fff5a79b8d770eab0071fdee7d2afa988d
2015-09-30 15:32:15 -07:00
Yabin Cui
cb6f599c44 Fix the way to count online cpus.
Read /proc/stat to count online cpus is not correct for all android
kernels. Change to reading /sys/devices/system/cpu/online instead.

Bug: 24376925
Change-Id: I3785a6c7aa15a467022a9a261b457194d688fb38
2015-09-29 17:49:37 -07:00
Dan Albert
aa23b2ee5e Add a TLS slot for TSAN.
This is so TSAN won't need to rely on pthread_getspecific for finding
the current thread state.

Change-Id: Id3befeabec0a9f7ca77b5549fbc427e22e6aaa34
2015-08-18 15:09:00 -07:00
Andreas Gampe
e80369ab0c Merge "Bionic: Add a TLS slot for ART for Thread self" 2015-08-04 22:35:34 +00:00
Andreas Gampe
9bbb5a7a09 Bionic: Add a TLS slot for ART for Thread self
To improve the performance of Thread::Current(), add a tls slot so
ART can avoid a pthreads call.

Change-Id: Icc86a2b7590734637366f9d5e41a5c6d18cc5772
2015-07-28 19:53:54 -07:00
Elliott Hughes
afab3ffcce Move PAGE_MASK into <sys/user.h>.
I'm removing the TODO on the assumption that being compatible with glibc
is more useful than BSD. The new internal "bionic_page.h" header factors
out some duplication between libc and the linker.

Bug: http://b/22735893
Change-Id: I4aec4dcba5886fb6f6b9290a8f85660643261321
2015-07-28 14:58:37 -07:00
Elliott Hughes
d29486343a Use a less misleading name for the code that sets up the main thread.
Change-Id: I50c1b0a3b633cf8bc40a6bd86f12adb6b91e2888
2015-07-21 11:57:09 -07:00
Spencer Low
0346ad7a4f ScopedFd: Don't use TEMP_FAILURE_RETRY() with close()
According to the comments in Posix_close(), TEMP_FAILURE_RETRY() should
not be used with close():

462bdac45c%5E%21/#F12

Kill ScopedFd by simplifying the single caller.

Change-Id: I248c40b8c2fc95f1938a6edfc245c81847fc44af
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
2015-05-13 13:27:11 -07:00
Christopher Ferris
c0f89283cc Update the number of jemalloc reserved keys.
jemalloc now uses a single key pointing to a structure rather
than multiple keys.

Change-Id: Ib76185a594ab2cd4dc400d9a7a5bc0a57a7ac92d
2015-04-15 17:20:10 -07:00
Yabin Cui
76615dae93 Provide writer preference option in rwlock.
Previous implementation of rwlock contains four atomic variables, which
is hard to maintain and change. So I make following changes in this CL:

1. Add pending flags in rwlock.state, so we don't need to synchronize
between different atomic variables. Using compare_and_swap operations
on rwlock.state is enough for all state change.

2. Add pending_lock to protect readers/writers waiting and wake up
operations. As waiting/wakeup is not performance critical, using a
lock is easier to maintain.

3. Add writer preference option.

4. Add unit tests for rwlock.

Bug: 19109156

Change-Id: Idcaa58d695ea401d64445610b465ac5cff23ec7c
2015-04-08 13:11:13 -07:00
Elliott Hughes
6170693e28 Make ThreadLocalBuffer a class rather than a macro.
Bug: 19995392
Change-Id: I497c512648fbe66257da3fb3bcd5c9911f983705
2015-03-31 10:56:58 -07:00
Christopher Ferris
995b813e91 For libm, use a macro for aliasing symbols.
Change-Id: Ibd42ebc387c2bf3eba9aa96091770915b4b34184
2015-03-13 23:57:15 -07:00
Yabin Cui
f7e3b3e48a Use pthread_once for g_uselocale_key creation.
Bug: 19625804
Change-Id: I57ec4c965067dc0c157c795c1f7217a3ca403286
2015-03-05 20:39:10 -08:00
Yabin Cui
4a2891d8c8 Better control of pthread keys used in bionic.
Change-Id: I1e1bc77c0e7879baead6c3417282ce549a1153b5
2015-03-04 16:53:23 -08:00